News

By R. William “Bill” Ide and Crystal J. Clark  

R. William (“Bill”) Ide, III is a partner at McKenna Long & Aldridge LLP and serves as chairman of The Conference Board Governance Center Advisory Board. As chairman of the McKenna Long& Aldridge Governance Center, Mr. Ide represents boards of directors and companies in governance reviews, special investigations, maximizing board dynamics, and governance policy development and advocacy.  

Crystal J. Clark is an associate at McKenna Long & Aldridge LLP. As a member of the McKenna Long & Aldridge Governance Center, Ms. Clark represents boards of directors and companies in governance reviews, special investigations, maximizing board dynamics, and governance policy development and advocacy.  

In today's public company arena, there is an active movement by some to separate the chief legal officer from the compliance function. This forced separation is an unwarranted intrusion into a company's legal risk management and acts to deny the company its right to counsel.

At the heart of the compliance function is the company's determination whether a code of conduct or a law has been violated and the appropriate response it should take. In an effective compliance program, such a determination centers around legal analysis made under the protection of the attorney-client privilege and work product doctrines (collectively “attorney-client privilege”) and involves the company's chief legal officer. The entity's ability to confide in its chief legal officer under attorney-client privilege regarding compliance issues both protects the innocent against unfounded allegations and encourages open disclosure of violations and potential violations so they can be addressed and properly remedied.¹

During the Enron era, a few general counsel violated their legal and ethical duties, and much trust was lost with respect to their role in compliance. Since then, some politicians, academics and members of the enforcement community have pushed for a number of governmental policies that effectually would erode the company's right to counsel and the attorney-client privilege. With these pressures, for example, the U.S. Sentencing Commission and the U.S. Department of Justice implemented guidelines providing that an entity's willingness to waive its attorney-client privilege and work product protections could be a legitimate factor in determining whether the entity should receive cooperation credit--and hence leniency--during government investigations.²

Ultimately, the Sentencing Commission and the Justice Department recognized the critical role that independent counsel and confidentiality play in enabling a company to understand and comply with the law, and both privilege waiver policies were substantially modified to better protect the privilege.³ As a result, the pressures that had impeded a company's ability to effectively utilize its counsel in compliance determinations were substantially relieved. Unfortunately, these pressures have resurfaced as certain federal agencies increasingly adopt the indirect tactic of requiring companies to agree in federal settlement agreements that the chief legal officer not be involved with the company's compliance function.

The time has come to clarify once and for all that although a chief compliance officer need not be the chief legal officer, it is the chief legal officer who has ultimate responsibility for making legal determinations concerning an entity's compliance with laws, and pressures to the contrary effectively deny entities the right to counsel.

Compliance Programs Require Legal Counsel

Compliance programs were initiated by the defense industry in the 1980s to forestall further government regulation and have since expanded to all public companies as a best practice.⁴ The more recent Revised Federal Sentencing Guidelines (the “Revised Sentencing Guidelines”) set forth compliance program elements that if observed by companies, will constitute a form of safe harbor from prosecution for the company, as an entity, and will encourage self-policing.⁵ Such compliance programs are designed to prevent violations of law through education, training, detection and remediation. Effective compliance programs institutionalize a process for the identification of legal requirements, education and training of employees with respect to those requirements, evaluating potential violations of law, and advising the entity regarding its duties, obligations and potential remedies concerning discovered violations.⁶

The vast majority of all compliance activities involve prevention and education activities, where a lawyer's role in interpreting, explaining and performing risk assessments is critical.⁷ For example, by virtue of his or her legal training, a chief legal officer is well-positioned to provide insight into government regulations and potential legal consequences of certain actions. Lawyers are a critical component in identifying legal risks, preparing the substantive training materials and in assisting with the education required to prevent violations of law.

Detection and determinations as to violations of law are the critical areas where public companies must have confidential advice of counsel protected by the attorney-client privilege. Although many hotline reports and other reports of violations are more human resources-based than legal and can be handled by a non-lawyer, the more serious appearing potential violations often require significant investigation before an actual legal determination can be made. In such situations, confidentiality and high quality legal analysis are critical, because the company, its employees and other innocent people could be harmed if unfounded allegations were made public before all facts were gathered and evaluated. Of equal importance are the legal analysis and ultimate decisions that must be made when violations of law have occurred.

These situations often raise a multitude of important questions, such as: What violations must be made public? To whom? What discipline and other actions concerning perpetrators should be taken? What remediation should be undertaken? Is a crisis management plan in place to manage the public and government affairs aspects? Evaluations of many of these questions must be made under the full protection of the attorney-client privilege for the corporate client to receive the meaningful legal assistance that is critical to protecting the interests of its stakeholders.

Ultimately, the company's board of directors must oversee the management's handling of these critical questions; however, the board will not have the legal expertise and under the business judgment rule, they will be expected to rely on the advice and expertise of the chief legal officer. In the event a legal determination is made that a violation of law does exist, then the lawyer has an ethical responsibility to assure the proper reporting of the violation, as described further below.⁸

Lawyers' Ethical Obligations

The trend to separate the chief legal officer from the position of chief compliance officer, discussed further below, neglects to take into account that lawyers have a higher calling and an ethical obligation to appropriately report violations of law. Though not widely understood and appreciated, every lawyer is a regulated “officer of the court,” who has an ethical obligation to the entity he or she represents. This ethical obligation transcends any obligations that the chief legal officer may have as an employee. In the company-lawyer context, lawyers are lawyers who happen to be employees, not employees that happen to be lawyers.⁹ Under their ethical obligations, lawyers are bound to represent the interests of the entity--not the board, management or themselves. If they become aware of any violation of law, lawyers are obligated to bring it to the attention of top management and the board and in certain circumstances, to notify third parties of the violation in order to prevent harm.¹⁰

The American Bar Association Task Force on Corporate Responsibility, in its report regarding the causes of the Enron-era scandals, affirmed that the chief legal officer has an ethical and legal duty to represent the interests of the entity, not to represent management.¹¹ To ensure that chief legal officers report material violations, the Task Force recommended changes to the ABA's Model Rules of Professional Conduct

intended to enhance the lawyer's ability to exercise and bring to bear independent professional judgment, and thereby enhance the lawyer's ability to promote corporate responsibility without undermining the constructive and collaborative relationship that must exist with the client so that compliance with law can be most effectively promoted.¹²  

 

Due to this overriding ethical mandate, the supposed “inherent conflict of interest”--which, as discussed below, Senator Charles Grassley (R-Ia.) and the U.S. Department of Health and Human Services (“HHS”) have alleged--does not exist. If a situation arose where the chief legal officer or a member of the law department were implicated in a potential compliance violation, he or she would be ethically required to bring in independent counsel to report directly to the audit committee to investigate the allegation.¹³

Ethical and reporting obligations of lawyers have increased since the time of the Enron collapse.¹⁴ If a lawyer fails to abide by his or her ethical and reporting obligations today, he or she is subject to serious consequences. In addition to whatever civil and criminal legal ramifications may ensue, the lawyer also can face disciplinary action from the relevant state court in which the lawyer is licensed to practice, the mandatory bar association of which the lawyer is a member, or the federal court or agency before which the lawyer is admitted to appear and practice.¹⁵

Some lawyers during the Enron era did not adhere to their ethical obligations, but were ultimately held accountable and punished.¹⁶ Now more than a decade after the Enron-era scandals, history has proven that the legal profession has largely served public companies well as independent counsel in assuring the installation and implementation of strong compliance systems and in policing those few lawyers who have not followed the law.

Misguided Movement

As mentioned above, in recent years, there has been a movement to separate chief legal officers from the compliance function. This movement seems to have been ignited in 2003, after a slew of corporate scandals, when the Senate Finance Committee started an investigation into Tenet Healthcare's corporate governance practices.¹⁷ Sen. Grassley made an allegation in his document request letter that would serve as the “battle-cry” for a change in the structure of compliance--a change that has garnered much attention in recent years, but at a significant potential cost to the very compliance programs he sought to strengthen. Sen. Grassley alleged an inherent conflict of interest between the positions of chief legal officer and chief compliance officer, arguing that a company's general counsel should not serve as the company's chief compliance officer.¹⁸

As noted previously, various federal agencies officially reversed initial efforts around this time by the enforcement community to interfere with the attorney-client privilege, and hence the right to counsel.¹⁹ Nonetheless, the Office of the Inspector General (“OIG”) of HHS has since embraced Sen. Grassley's position of separating the chief legal officer from the compliance function by intruding into a company's attorney-client relationship through its corporate integrity agreements.²⁰ For example, HHS has consistently used its corporate integrity agreements to require separate individuals to hold the positions of chief legal officer and chief compliance officer. In 2008, in its corporate integrity agreement with Bayer Healthcare, LLC, HHS imposed an additional limitation, stating that the chief compliance officer “shall not be or be subordinate to the General Counsel or Chief Financial Officer.”²¹ Its more recent corporate integrity agreement with Johnson & Johnson contains the same language.²²

As a result of HHS's position in these corporate integrity agreements, and the belief of some healthcare consultants that this approach is the new norm, some healthcare companies have voluntarily repositioned their compliance functions outside the legal department, removing legal oversight of the compliance function. Slowly, commentators focused on administrative considerations and insensitive to the legal ramifications have started arguing that these healthcare compliance practices should be applied to other industries as well.²³

HHS's required removal of the chief legal officer from the compliance function is reported to be based on a concern that company lawyers are overly broad with their claims of confidentiality under the attorney-client privilege. However, their solution of placing a nonlawyer in charge of making legal decisions for the company, either directly or through that individual employing outside counsel, effectively removes the compliance function from the company's rights and responsibilities. A compliance system is owned by the company and legal judgments on compliance issues can be much more complex than the question regarding whether a violation of law may have occurred. As noted previously, there are many questions to be reviewed that need the protection of the attorney-client privilege to protect the interests of the company, its employees and its stakeholders.

The chief legal officer need not be the chief compliance officer, but the company's lawyer does need to perform the legal analysis of whether a violation exists and what course of action to take. HHS would suggest that there be no lawyer, or that the chief compliance officer engage its own lawyer, instead of consulting the company's lawyer. As discussed below, this arrangement would effectively deprive the company of its right to counsel and confidentiality to its potential detriment.

An Entity's Right to Counsel

Our legal system is an adversarial system, which can only function effectively based on the right to counsel, the attorney-client privilege and the work product doctrine.²⁴ Each of these fundamental legal rights is necessary to encourage individuals and organizations alike to seek counsel in how to conform their conduct to the law and, thereby, each acts to strengthen compliance. In their eagerness to quell violations of law, the OIG, HHS and other members of the enforcement community have the mindset of: “tell me everything now, and I will decide if there is a violation of law.”

It is the role of corporate counsel, however, and not of the enforcement community, to determine and advise their clients regarding whether a violation of law exists and what course of action to take if so. The enforcement community's approach goes too far because forcing disclosure before the entity is able to seek legal counsel essentially denies the entity's right to seek effective counsel to determine whether a violation of law exists in the first place and to obtain advice regarding the proper course of action to take if a violation or potential violation is found.²⁵

One consequence of this forced premature disclosure is the detrimental effect of disclosing unfounded allegations, which risks injuring not only the entity but also its employees, stakeholders and the investing public. Moreover, growing use and accessibility of social media today allows information to run rampant and compounds the harm. Entities, like individuals, are entitled to engage in their own fact-finding and to consult with legal counsel prior to determining whether disclosure of violations or potential violations to the enforcement community is necessary and appropriate. By removing the chief legal officer from the compliance function and forcing premature disclosure, the enforcement community is essentially depriving entities of their fundamental right to effective counsel and making them vulnerable to unnecessary harm.²⁶

Relationship Between CCO, CLO

As noted above, for entities to comply with laws, it is critical that they have the assistance of legal counsel. Today, most public companies and entities have a chief legal officer to provide the necessary guidance. Commencing with the defense industry in the 1980s and now through the mandates of the Revised Sentencing Guidelines, entities have adopted robust compliance systems, which involve risk identification, training and detection under the direction of a “chief compliance officer.”²⁷ It is the chief legal officer and the lawyers who have the skills and ethical obligations to identify and mitigate legal risks.

Often, especially in small and midcap companies, the chief legal officer is the chief compliance officer. Although legal analysis is still the critical component in larger enterprises, the sheer scale of administration required may suggest that the chief compliance officer in large enterprises be an individual with expertise in business processes and training. For this reason, the chief compliance officer in many larger enterprises may not be a lawyer. Nonetheless, in such situations the chief legal officer still has ultimate responsibility for the entity's compliance with the law and should work closely with the chief compliance officer.

It has long been settled that the chief compliance officer, whether also the chief legal officer, should have a direct line of reporting to a board audit committee, which has substantive oversight. The debate continues, however, with respect to the proper department to provide administrative oversight of a chief compliance officer who is not also the chief legal officer.²⁸ The three primary options for providing administrative oversight for the compliance function that have emerged in recent years are: (i) the audit committee, (ii) the chief executive officer and (iii) the chief legal officer.²⁹

Unfortunately, entities weighing these options too often fail to make the distinction between substantive and administrative oversight. The board, typically through its audit committee, has the substantive oversight responsibility to assure adequate systems are in place to identify risk, conduct education and training, and detect violations of the compliance code. The administrative reporting, on the other hand, refers to hiring, evaluation and compensation based on performance, with the only substantive involvement occurring when there is a potential conflict of interest.³⁰ The only “member” of management with a transcending duty to the entity is the chief legal officer, who is ethically obligated to assure there are no conflicts of interest.

For Compliance, Legal Counsel Needed

Whether the chief compliance officer reports to the chief legal officer, the important dynamic is that the compliance program provides a mechanism to allow for a legal determination to be made as to any potential violation. The chief compliance officer serves as the primary administrator of the compliance program, implementing programs, monitoring activities and compiling information on actual or potential infractions. A chief compliance officer who is not the chief legal officer, however, cannot be responsible for determining whether an actual or potential breach of law or fiduciary duty exists. When potential infractions of law or of the compliance code are considered, responsibility for the ultimate determination belongs to the chief legal officer of the entity.

Pursuant to this dichotomy, a chief compliance officer who is not the chief legal officer would, with the assistance of counsel and often under the attorney-client privilege, gather the information on a potential infraction and present the findings to the chief legal officer for review and analysis. The chief legal officer would determine if an infraction had occurred and, if so, the appropriate remedial measures to be taken. As discussed previously, if an allegation implicated members of the legal department, independent counsel retained by and reporting to the audit committee would be used to avoid the optics of impropriety. From a practical point of view, it typically would be appropriate for the chief compliance officer to report to the chief legal officer. With the legal analysis oversight designated to the chief legal officer, the chief compliance officer would focus on the non-legal skills necessary to address the culture, business process and fact finding needs of the compliance function.

Conclusion

In summary, public companies and similar entities are entitled to have effective independent counsel to establish, oversee and advise them concerning the legal aspects of their compliance systems and the decisions that must be made. In addition, for that legal counsel to be truly effective, the attorney-client privilege and work product doctrine must be fully respected and not undermined by shortsighted federal agency policies or procedures, however well-intentioned.

A lawyer working for an entity is not an employee that happens to be a lawyer, but instead is a lawyer that happens to be an employee. The lawyer's ethical duties and obligations to the client, to the court and to society as a whole guide the lawyer's actions and transcend his or her obligations as an employee. It is time to clarify once and for all that the right to counsel includes a company's right to the effective assistance of counsel in conducting its compliance program.

 

¹ Typically, in public companies the board of directors retains a chief legal officer, also known as a general counsel, to represent the entity's interests. References to chief legal officers herein refer to such individuals.

² U.S. Sentencing Guidelines §8C2.5(g), cmt. n.12; Memorandum from Larry D. Thompson, Deputy Attorney General, Department of Justice, to Heads of Department Components, U.S. Attorneys, Principles of Federal Prosecution of Business Organization (Jan. 20, 2003), at p. 7, available athttp://www.americanbar.org/content/dam/aba/migrated/poladv/priorities/privilegewaiver/2003jan20_privwaiv_dojthomp.authcheckdam.pdf.

³ See, e.g., U.S. Sentencing Guidelines §8C2.5(g) (deleting consideration of entity's waiver of attorney-client and work production protections from determination of reduction in culpability in Application Note 12, effective Nov. 1, 2006); U.S. Attorney's Manual §§9-28.000 to 9-28.1300 (incorporating principles set forth in Filip Memorandum of 2008, which modified McNulty Memorandum of 2006, which in turn had modified Thompson Memorandum of 2003, each further limiting extent to which prosecutors may request waiver of attorney-client privilege); Attorney-Client Privilege Protection Act of 2006, S. 30, 109th Cong. (2006) (prompting the Department of Justice to issue the McNulty Memorandum).

⁴ See R. William “Bill” Ide, III, Creating a Proactive Compliance Strategy, The Metropolitan Corporate Counsel, October 2004, available athttp://www.metrocorpcounsel.com/pdf/2004/October/52.pdf.

⁵ In the early 1990s, the U.S. Sentencing Commission promulgated the U.S. Sentencing Guidelines (the “Sentencing Guidelines”), which established the initial compliance program guidelines for companies. U.S. Sentencing Guidelines § 8A1.2, cmt. n. 3(k) (1991). In 2004, the Sentencing Guidelines were revised to reflect an evolution in public policy that a corporation must do more than just establish a program; it must ensure that the program is “effective” and promotes an organizational culture that encourages ethical conduct, in addition to a commitment to compliance with all laws. Id. at § 8B2.1 (2004).

⁶ To be effective, a compliance function must be carefully tailored, using the resources available, to meet the needs of the company. In larger companies with greater resources, culture building skills, business process skills, education skills and detection skills are typically provided under a matrix approach where human resources, internal audit and other departments dedicate certain resources to the compliance function. Nonetheless, the core of compliance requires the participation of the law department because the primary purpose of compliance is to understand the vast legal and regulatory requirements that vary greatly by industry. Smaller companies typically have called upon their lawyers to fulfill most of the compliance functions that would be handled by a specialized matrix of skills in larger companies.

⁷ As alluded to above, at one point in the evolution of the Revised Sentencing Guidelines, some academics and members of the enforcement community attempted to require companies to waive their attorney-client privilege for ease of prosecution. Those in favor had lost trust in lawyers and believed that the more information the enforcement community had access to the better. Ultimately, after a significant education campaign by the American Bar Association and other concerned stakeholders, it was recognized that advice of counsel is critical to encouraging the open communications necessary for companies' legal compliance, and the privilege was restored.

⁸ ABA Model Rules of Professional Conduct, Rule 1.13, available athttp://www.americanbar.org/groups/professional_responsibility/publications/model_rules_of_professional_conduct/rule_1_13_organization_as_client.html.

⁹ See ABA Model Rules of Professional Conduct, Preamble (providing that when a conflict arises among a lawyer's responsibilities to his or her clients, to the legal system and to the lawyer's self-interests, the lawyer must look to the Rules of Professional Conduct to guide his or her actions), available athttp://www.americanbar.org/groups/professional_responsibility/publications/model_rules_of_professional_conduct/model_rules_of_professional_conduct_preamble_scope.html.

¹⁰ ABA Model Rules of Professional Conduct, Rule 1.13(b) and (c), available athttp://www.americanbar.org/groups/professional_responsibility/publications/model_rules_of_professional_conduct/rule_1_13_organization_as_client.html.

¹¹ Report of the American Bar Association Task Force on Corporate Responsibility (Mar. 31, 2003), available athttp://www.mckennalong.com/media/news/2282_corporateresponsibilitytaskforcefinalreport_march312003_.pdf.

¹² Id. at 24.

¹³ ABA Model Rules of Professional Conduct, Rule 1.7(2), available athttp://www.americanbar.org/groups/professional_responsibility/publications/model_rules_of_professional_conduct/rule_1_7_conflict_of_interest_current_clients.html.

¹⁴ See, e.g., ABA Resolution 302B, adopted by the ABA House of Delegates in August 2006, and the related background Report of the American Bar Association Task Force on Attorney-Client Privilege, available athttp://www.americanbar.org/content/dam/aba/uncategorized/GAO/report302B_employeerightspolicy_am2006.authcheckdam.pdf; Report of the American Bar Association Task Force on Corporate Responsibility (Mar. 31, 2003), available athttp://www.mckennalong.com/media/news/2282_corporateresponsibilitytaskforcefinalreport_march312003_.pdf; Pub. L. No. 107-204, §307, 116 Stat. at 784 (codified at 15 U.S.C. §7245 (2002)) (requiring “noisy withdrawal” and “up the ladder reporting”); 17 CFR Part 205 (implementing standards of professional conduct for attorneys).

¹⁵ ABA Model Rules of Professional Conduct, Rule 8.5(a) available athttp://www.americanbar.org/groups/professional_responsibility/publications/model_rules_of_professional_conduct/rule_8_5_disciplinary_authority_choice_of_law.html.

¹⁶ See e.g., SEC Litigation Release No. 20866 (Jan. 26, 2009) (settling civil fraud charges against former Enron in-house attorneys) available athttp://www.sec.gov/litigation/litreleases/2009/lr20866.htm; SEC Litigation Release No. 18891 (Sept, 22, 2004) (settling securities fraud charges and permanently barring general counsel of Computer Associates International, Inc. from serving as officer or director of public company), available athttp://www.sec.gov/litigation/litreleases/lr18891.htm; Ex-Lawyer for Rite Aid Is Found Guilty, N.Y. TIMES, Oct. 18, 2003 (describing conviction of former chief counsel of Rite Aid Corporation who was sentenced to more than 10 years in prison); SEC Release No. 19286 (June 27, 2005) (holding former general counsel of U.S. Wireless Corporation liable for about $3.9 million in disgorgement, barring him from serving as officer or director of public company for 10 years, and suspending him from appearing or practicing before the SEC as an attorney), available athttp://www.sec.gov/litigation/litreleases/lr18891.htm; Lynnley Browning, 3 Convicted in KPMG Tax Shelter Case, N.Y. TIMES, Dec. 18, 2008 (describing conviction of tax lawyer for KPMG with respect to tax shelter scandal).

¹⁷ Tenet Healthcare had significant legal and compliance issues that far exceeded the unnecessary cardiac tests that launched the investigation. In fact, Tenet Healthcare had been the subject of at least 53 federal investigations dating back to 1994, including allegations of fraud, upcoding, overbilling, duplicate billing, kickbacks, providing medically unnecessary services and misrepresenting services. Letter from Sen. Chuck Grassley to Trevor Fetter, Tenet Healthcare Corp. (Sept. 8, 2003), available athttp://www.grassley.senate.gov/releases/2003/p03r09-08.htm.

¹⁸ Id. In the document request letter, Sen. Grassley famously noted, “It doesn't take a pig farmer from Iowa to smell the stench of conflict in that arrangement.” Id.

¹⁹ See supra notes 1 and 2. If the Attorney-Client Privilege Protection Act had been enacted by Congress, it would have further protected the attorney-client privilege and the right to counsel by prohibiting all federal agencies except bank regulators from requesting waiver of the privilege or providing any direct or indirect incentives for parties to do so.

²⁰ Corporate integrity agreements are more commonly known as deferred prosecution agreements. The OIG of HHS states on its website that it

negotiates corporate integrity agreements with health care providers and other entities as part of the settlement of Federal health care program investigations arising under a variety of civil false claims statutes. Providers or entities agree to the obligations, and in exchange, OIG agrees not to seek their exclusion from participation in Medicare, Medicaid, or other Federal health care programs.  

 

Additional information regarding OIG's efforts to promote corporate integrity agreements is available at http://oig.hhs.gov/compliance/corporate-integrity-agreements/index.asp.

²¹ 2008 Corporate Integrity Agreement between the OIG of HHS and Bayer Healthcare LLC, available athttps://oig.hhs.gov/fraud/cia/agreements/fully_executed_bayer_cia_112508.pdf.

²² 2013 Corporate Integrity Agreement between the OIG of HHS and Johnson and Johnson, available athttp://www.policymed.com/2013/11/johnson-and-johnson-2013-settlement-and-corporate-integrity-agreement.html

²³ The 2013 State of Compliance study conducted by PricewaterhouseCoopers LLP reports a steady decline during the last three years in the number of companies in which the chief compliance officer formally reports to the chief legal officer (of the companies surveyed, there was a decrease from 37 percent in 2011 to 33 percent in 2012 and to 28 percent in 2013).

²⁴ Full, frank communication between a lawyer and his or her client is necessary for the lawyer to “represent the client effectively and, if necessary, to advise the client to refrain from wrongful conduct.” ABA Model Rules of Professional Conduct, Rule 1.6, cmt. [2], available athttp://www.americanbar.org/groups/professional_responsibility/publications/model_rules_of_professional_conduct/rule_1_6_confidentiality_of_information/comment_on_rule_1_6.html.

²⁵ See United States v. Rocky Mountain Corp., 746 F. Supp. 2d 790, 800 (W.D. Va. 2010) (stating that corporation has “the right to retain the counsel of its choice to represent its interests without undue governmental intrusion”).

²⁶ E.g., Upjohn Co. v. United States, 449 U.S. 383 (1981).

²⁷ See Ide, III supra note 4.

²⁸ The question has some parallel to internal audit function reporting.

²⁹ The audit committee has been advanced by some as the proper “supervisor” of the chief compliance officer by arguing that such a relationship ensures the independence of the compliance function. Other commentators contend that the performance and compensation of the chief compliance officer should be conducted by a senior manager, due to the limited exposure of the audit committee members to the chief compliance officer and the audit committee's lack of adequate resources and skill sets.

³⁰ Some commentators argue that if any member of management oversees the chief compliance officer's compensation and evaluation, then the chief compliance officer will be beholden to that individual and the compliance detection function will suffer as a result. Others raise concern that if the audit committee oversees the performance and compensation of the chief compliance officer, it would place the committee in a difficult situation should allegations of unfair treatment emerge from the chief compliance officer.